Cloud computing adoption: Control objectives for information and related technology (COBIT) - mapped risks and risk mitigating controls

Abstract

Cloud computing has emerged as one of the most hyped information technology topics of the decade. Little guidance is given to prospective consumers of the cloud computing services who may not possess technical knowledge, or be interested in the in-depth technical aspects aimed at information technology specialists. The aim of this study is to inform enterprise managers, who possess business knowledge and who may also be knowledgeable on the main aspects of COBIT, about the significant incremental risks this new technological advancement may expose the enterprise to if the proposals of possible controls are implemented by the prospective consumer enterprises to mitigate the incremental risks of cloud computing. An IT governance control framework was used to systematically identify and categorise the significant incremental risks and to assist in identifying the possible risk mitigating controls. It was discovered that the major risks of cloud computing adoption would be outsourcing of IT function (possibly across judicial borders) and the use of internet or wide area access technologies. Key words: Cloud computing, information technology (IT), control objectives for information and related technology (COBIT), IT governance, IT related risk.